The present invention relates to computerized systems, software and methods for guest account management using cloud-based security services.
Guest accounts arise in a variety of ways. Hotels, coffee shops, internet cafes, internet kiosks, etc. provide internet access to their guests (e.g., customers). The guest's internet access is typically short-lived, lasting from a couple of minutes to a couple of days. Guest access also occurs in enterprises where partners, vendors, contract workers, and/or students are the guests. In all these scenarios, though the number of concurrent visitors is small at any point in time, the number of unique visitors over an extended period of time is significantly large. A similar situation arises in retail shops where the employees work on an hourly basis, and often at-will. Internet access may be given as an incentive or given as part of the job. Using a very large collection of individual user accounts for each such guest is expensive as well as time consuming. Yet another example of guest access to the internet arises in conference venues, sports venues and exhibition stalls. For a short period of time, a large number of guests arrive, and providing them with safe internet access is a challenge. It is very expensive to provide on-premise security in such venues and to manage the appliances that provide that security.
In conventional guest management environments, guest users are enabled to access network resources through an enterprise network using a guest user account. A guest user account may be created for a guest for a limited time. Guest account credentials of the guest account may be provided to the guest to use the guest account using any of a variety of techniques, for example, by scanning a guest access card, credit card or mobile telephone of the guest user, and providing the guest account credentials to the user based on the information obtained. A guest access management server located on-premise may be configured to generate and maintain guest accounts, authenticate guest users, and track and log guest activity. The on-premise overhead in connection with guest user management is the same as or more than that for management of permanent user accounts. VLAN technology may be used to separate guest traffic from host enterprise traffic on the host enterprise network. After a guest user is authenticated, communications to and from the guest user may be routed to a guest VLAN. This mechanism isolates guests from the normal users using the existing on-premise security infrastructure. On-premise infrastructure, however, is generally not intended to absorb an elastic user population in the form of guests.
Another issue with current guest management approaches using on-premise equipment is their inability to scale with increased guest account usage. On-premise equipment may be used by the permanent and non-mobile workforce; however, in order to accommodate a large number of guest accounts, the enterprise may need to upgrade or expand its investment in on-premise management hardware and software.
In addition, guest accounts are one of the most abused types of user accounts. They are often used in performing illicit activities such as (1) transactions on illegal sites such as pornography, internet violence, subversive activities, activities of terror, etc. or (2) transactions that may involve fraud or theft. Many cyber crimes are conducted through guest accounts. Hence, safety of guest accounts is desirable. In conventional guest management environments that allow re-use of permanent guest accounts, guest accounts usually do not have an associated user name or other identifying information, and thus the log records achieve anonymity for the guest user. Since there is no real user associated with the guest accounts, their audit trails cannot bind a security incident to a suspect subject. One method to avoid this is to provide every user with a permanent account. As described above, however, such an approach is expensive and time consuming.